Weaknesses of type CWE-863

2,100 results
CVE-2026-32924MEDIUMOpenClaw < 2026.3.12 - Authorization Bypass via Misclassified Reaction Events in FeishuEPSS 0.3%CVE-2025-21570MEDIUMVulnerability in the Oracle Life Sciences Argus Safety product of Oracle Health Sciences Applications (component: Login). The supported veEPSS 0.3%CVE-2025-6168LOWIncorrect Authorization in GitLabEPSS 0.3%CVE-2026-45339MEDIUMOpen WebUI: API key endpoint restrictions bypassed via `x-api-key` header — full message processing on restricted endpointsEPSS 0.3%CVE-2026-33132MEDIUMZITADEL is missing enforcement of organization scopesEPSS 0.3%CVE-2026-24851MEDIUMOpenFGA Improper Policy EnforcementEPSS 0.3%CVE-2026-28873HIGHThis issue was addressed with additional entitlement checks. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.4 and iPadOS 26.4. EPSS 0.3%CVE-2025-66719CRITICALAn issue was discovered in Free5gc NRF 1.4.0. In the access-token generation logic of free5GC, the AccessTokenScopeCheck() function in file EPSS 0.3%CVE-2025-41031MEDIUMMultiple vulnerabilities in Deporsite by T-INNOVAEPSS 0.3%CVE-2025-3476CRITICALIncorrect Authorization vulnerability in OpenText™ Operations Bridge Manager. The vulnerability could allows privilege escalation by authentEPSS 0.3%CVE-2025-41030MEDIUMMultiple vulnerabilities in Deporsite by T-INNOVAEPSS 0.3%CVE-2025-3453MEDIUMPassword Protected – Password Protect your WordPress Site, Pages, & WooCommerce Products <= 2.7.7 - Unauthenticated Sensitive Information ExposureEPSS 0.3%CVE-2023-52361HIGHThe VerifiedBoot module has a vulnerability that may cause authentication errors.Successful exploitation of this vulnerability may affect inEPSS 0.3%CVE-2026-27936MEDIUMDiscourse discloses restricted post-action counts to non-privileged usersEPSS 0.3%CVE-2026-27899HIGHWireGuard Portal Vulnerable to Privilege Escalation to Admin via User Self-UpdateEPSS 0.3%CVE-2025-10545LOWGuest user can add unauthorized team users to private channelsEPSS 0.3%CVE-2024-32643HIGHMasa CMS vulnerable to authentication bypass with /tag/EPSS 0.3%CVE-2026-26336HIGHHyland Alfresco Improper Authorization Arbitrary File ReadEPSS 0.3%CVE-2026-33470MEDIUMFrigate has cross-camera snapshot disclosure via unrestricted timeline IDs and missing authorization in /api/events/{event_id}/snapshot-clean.webpEPSS 0.3%CVE-2024-31402MEDIUMIncorrect authorization vulnerability in Cybozu Garoon 5.0.0 to 5.15.2 allows a remote authenticated attacker to delete the data of Shared TEPSS 0.3%